Plagegeister aller Art und deren Bekämpfung: tcbhn.exe wurde beendet und geschlossen. | Windows 7 |
06.05.2013, 16:18 | #1 |
| tcbhn.exe wurde beendet und geschlossen. Hello, I have the same problem as in: http://www.trojaner-board.de/134519-...schlossen.html Every time I boot my laptop, this error message appears: "tcbhn.exe wurde beendet und geschlossen." and when I close it, it reappears within a few minutes. Nothing else happens, but it is annoying. Here are the logs. Zoek.exe Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 06-May-2013 Tool run by Nils on 06.05.2013 at 13:28:11,16. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nvis6il1.default ---- Lines blabbers removed from prefs.js ---- ---- Lines blabbers modified from prefs.js ---- user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9,foxyproxy%40eric.h.jung:4.2,%7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8,youtubeunblocker%40unblocker.yt:0.4.2,bbrs_002%40blabbers.com:1.0.5,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1"); user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1347148330793}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"D:\\\\Program Files\\\\Mozilla 
Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1365775778643}}},{\"name\":\"app-profile\",\"addons\":{\"bbrs_002@blabbers.com\":{\"descriptor\":\"C:\\\\Users\\\\Nils\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\nvis6il1.default\\\\extensions\\\\bbrs_002@blabbers.com\",\"mtime\":1367838327708},\"DivXWebPlayer@divx.com\":{\"descriptor\":\"C:\\\\Users\\\\Nils\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\nvis6il1.default\\\\extensions\\\\DivXWebPlayer@divx.com.xpi\",\"mtime\":1348392877052},\"foxyproxy@eric.h.jung\":{\"descriptor\":\"C:\\\\Users\\\\Nils\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\nvis6il1.default\\\\extensions\\\\foxyproxy@eric.h.jung\",\"mtime\":1361143806044},\"youtubeunblocker@unblocker.yt\":{\"descriptor\":\"C:\\\\Users\\\\Nils\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\nvis6il1.default\\\\extensions\\\\youtubeunblocker@unblocker.yt.xpi\",\"mtime\":1366118331923},\"{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\":{\"descriptor\":\"C:\\\\Users\\\\Nils\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\nvis6il1.default\\\\extensions\\\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi\",\"mtime\":1355312325092},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Nils\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\nvis6il1.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1360863437849},\"{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\":{\"descriptor\":\"C:\\\\Users\\\\Nils\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\nvis6il1.default\\\\extensions\\\\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi\",\"mtime\":1362165799516}}}]"); ---- Lines blabbers removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user__1334_.backup prefs__1334_.backup ==== Deleting Files \ Folders ====================== "C:\Windows\tasks\GinyasBrowserCompanion Chrome Watcher.job" deleted 
"C:\Windows\tasks\GinyasBrowserCompanion FireFox Watcher.job" deleted "C:\Windows\tasks\GinyasBrowserCompanion Runner.job" deleted "C:\Windows\tasks\GinyasBrowserCompanion Stats Report.job" deleted "C:\Windows\tasks\GinyasBrowserCompanion Update Checker.job" deleted "C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe" deleted "C:\Program Files\Common Files\DVDVideoSoft\TB" deleted "C:\Users\Nils\AppData\Roaming\BrowserCompanion" deleted "C:\ProgramData\GinyasBrowserCompanion" not deleted "C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nvis6il1.default\extensions\bbrs_002@blabbers.com" deleted "C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nvis6il1.default\extensions\bbrs_002@blabbers.com" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Nils\AppData\Local\Temp ==== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== 2013-05-06 10:43:30 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-10 17:30:40 2C1121F2B87E9A6B12485DF53CD848C7 1082232 ----a-w- C:\Windows\System32\drivers\ntfs.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-05-04 19:23:15 -------- d-----w- C:\Program Files\DivX 2013-04-28 08:25:22 -------- d-----w- C:\Program Files\Microsoft 2013-04-10 16:24:44 -------- d-----w- C:\Program Files\Common Files\Skype 2013-04-07 09:45:26 -------- d-----w- C:\Program Files\Microsoft Works 2013-04-07 09:44:30 -------- d-----w- C:\Program Files\Microsoft Visual Studio 2013-04-07 09:44:30 -------- d-----w- C:\Program Files\Common Files\DESIGNER 2013-04-07 09:41:00 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8 2013-04-07 09:39:48 -------- d-----w- C:\Program Files\Microsoft Office ======= C: ===== ====== C:\Users\Nils\AppData\Roaming ====== 2013-04-27 10:52:24 -------- d-----w- C:\users\Default\AppData\Local\Microsoft Help 2013-04-27 10:52:24 -------- d-----w- 
C:\users\Default User\AppData\Local\Microsoft Help 2013-04-12 17:52:09 1F55F8EBC0F65DD8AE5E60D2BFF82D9A 3584 ----a-w- C:\users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-04-07 09:39:56 -------- d-----w- C:\users\Nils\AppData\Local\Microsoft Help ====== C:\Users\Nils ====== 2013-05-04 19:17:02 -------- d-----w- C:\ProgramData\DivX 2013-04-28 08:25:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in 2013-04-07 09:47:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013-04-07 09:39:47 -------- d-----w- C:\ProgramData\Microsoft Help ====== C: exe-files == 2013-05-06 10:42:29 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Nils\Downloads\mbam-setup-1.75.0.1300(3).exe 2013-05-06 09:01:14 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Nils\Downloads\mbam-setup-1.75.0.1300(2).exe 2013-05-06 08:59:36 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Nils\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-05-06 08:56:16 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Nils\Downloads\mbam-setup-1.75.0.1300.exe 2013-05-04 19:16:47 D1E02B0F533E5D1DF24CD40C1BD74D10 952128 ----a-w- C:\Users\Nils\Downloads\DivXInstaller.exe 2013-05-02 22:38:04 8F11F0321ED84B1533FC1384AC71AC8D 59784 ----atw- C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\GoogleUpdateBroker.exe 2013-05-02 22:38:04 00F714CA28A01FACB709486D6DA306A8 59784 ----atw- C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe 2013-05-02 22:38:03 C26BB2535C1B20DEAFAEB12634BF4DC9 781592 ----a-w- C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\GoogleUpdateSetup.exe 2013-05-02 22:37:56 4E252E85E5DC31BD645E809222AFAF27 287624 ----atw- C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe 2013-05-02 22:37:55 76B35CB0F3A4E69D6DFF27F542B9F856 216968 ----atw- 
C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe 2013-05-02 22:37:53 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\GoogleUpdate.exe 2013-05-02 22:37:51 C26BB2535C1B20DEAFAEB12634BF4DC9 781592 ----a-w- C:\Users\Nils\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.145\GoogleUpdateSetup.exe === C: other files == 2013-05-06 10:43:30 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-2793609592-4110117145-1703918749-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Steam"="D:\Program Files\Steam\Steam.exe -silent" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "GoogleChromeAutoLaunch_1C06F4F014860E95AE736C749201F366"="C:\Users\Nils\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" "Google Update"="C:\Users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min" "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" 
"DivXMediaServer"="d:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" "SysTrayApp"="%ProgramFiles%\IDT\WDM\sttray.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Steam"="D:\Program Files\Steam\Steam.exe -silent" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "GoogleChromeAutoLaunch_1C06F4F014860E95AE736C749201F366"="C:\Users\Nils\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" "Google Update"="C:\Users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe /c" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "Google Update"="\"C:\\Users\\Nils\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" ==== Startup Folders ====================== 2012-09-06 17:05:50 748 ----a-w- C:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16.04.2013 15:23] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2793609592-4110117145-1703918749-1000Core.job --a------ C:\Users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [06.09.2012 22:02] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2793609592-4110117145-1703918749-1000UA.job --a------ C:\Users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [06.09.2012 22:02] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nvis6il1.default - FoxyProxy Basic - %ProfilePath%\extensions\foxyproxy@eric.h.jung - DivX Web Player - %ProfilePath%\extensions\DivXWebPlayer@divx.com.xpi - YouTube Unblocker - 
%ProfilePath%\extensions\youtubeunblocker@unblocker.yt.xpi - DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nvis6il1.default 3D928B3FE97C403A33F803B3D1A260C9 - C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll - Google Update F7E72D3A281F922BACEC1A71A826D4C2 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll - Shockwave Flash 05C4A7136F3012BB47107333B5D351D3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U17 D4BD9F86123C87ECA570418B69326F99 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2 F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat DB988B4550DB9BCE86F9199D961057FC - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bodddioamolcibagionmmobehnbhiakf - C:\Program Files\BrowserCompanion\blabbers-ch.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\Nils\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx[27.09.2012 21:12] Browser Companion Helper - 
Nils - Default\Extensions\bodddioamolcibagionmmobehnbhiakf DvdVideoSoft Free Youtube Download - Nils - Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp ==== Chrome Fix ====================== C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.de/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.de/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Nils\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Nils\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Nils\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Nils\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache 
====================== C:\users\Nils\AppData\Local\Mozilla\Firefox\Profiles\nvis6il1.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\Nils\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Nils\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Nils\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\ProgramData\GinyasBrowserCompanion" not found Code:
ATTFilter OTL Extras logfile created on: 06.05.2013 16:56:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nils\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 50,19% Memory free 6,23 Gb Paging File | 4,42 Gb Available in Paging File | 71,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 63,48 Gb Total Space | 32,42 Gb Free Space | 51,07% Space Free | Partition Type: NTFS Drive D: | 402,28 Gb Total Space | 349,45 Gb Free Space | 86,87% Space Free | Partition Type: NTFS Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2793609592-4110117145-1703918749-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 
"DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{156CAAC6-F103-4B5E-892F-F7D7B2938272}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{188B4B2A-9CD6-457A-995A-5B2E48848DB6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{295DCB38-B590-41DE-9FFB-E1661DACF17F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{77D7A71A-9108-491F-A412-AED387EADE6A}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | "{7F7F850F-06BE-4274-8CF7-1B2F8D087D76}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{859347F0-0EC1-4DFA-9C82-01D1E723679E}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | "{8AE456CF-C542-4CE7-8223-6119FC48B030}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9E3FC560-6FFD-40D2-9323-18B83BE93FDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AEA63DF1-7FD2-4378-ABCB-05B73BFEA746}" = protocol=17 | dir=in | app=d:\program files\ventrilo\ventrilo.exe | "{AFD51B85-9501-4957-994A-195E3027EAFD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{D583F902-43E3-4EAB-9BC3-AD0E2E340E69}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EE7A9D0B-7F27-4D87-93A1-F289E66508E0}" = protocol=6 | dir=in | app=d:\program files\ventrilo\ventrilo.exe | "{F556CFE5-A020-4012-9BA5-7071F7287AF9}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{FBE47B90-97F3-46F6-8A3F-270AC7EDD2B7}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | "TCP Query User{0E3FEF09-40C0-4ABF-8AC7-23786D6606F5}D:\program files\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\program files\guild wars 2\gw2.exe | "TCP Query User{481187EC-461B-4DAA-B073-454B3AD0B4E8}D:\program files\valve\hl.exe" = protocol=6 | dir=in | app=d:\program files\valve\hl.exe | "TCP Query User{556EFF0B-FF6C-45D3-A53F-E5D115C31C51}D:\program files\valve\hl.exe" = protocol=6 | dir=in | app=d:\program files\valve\hl.exe | "TCP Query User{55F2CB84-4240-446F-BABC-82B4184D39A3}D:\program files\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\program files\guild wars 2\gw2.exe | "TCP Query User{6FF65213-7205-4D4D-A673-00776C27DC64}D:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\program files\skype\phone\skype.exe | "TCP Query User{81604724-FBE0-43EA-9124-00421260DFD1}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{77B619EA-70CE-4CC2-82EB-81F39E9302C8}D:\program files\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\program files\guild wars 2\gw2.exe | "UDP Query User{99AC6B79-076E-4D4D-ACF5-55EC49BBBC91}D:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\program files\skype\phone\skype.exe | "UDP Query User{B0173481-2700-444D-AA9F-54E3B7C53334}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{D48467AB-B4C2-4656-9B16-606F9B121954}D:\program files\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\program files\guild wars 2\gw2.exe | "UDP Query User{DBE97F2C-2899-4FE9-8FFC-5593A757815B}D:\program files\valve\hl.exe" = protocol=17 | dir=in | app=d:\program files\valve\hl.exe | "UDP Query User{E572545A-B1FD-451A-84E1-8498E692794B}D:\program files\valve\hl.exe" = protocol=17 | dir=in | app=d:\program 
files\valve\hl.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish "{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian "{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek "{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German "{759E97EC-9E3D-4F55-C321-7819C93F0887}" = ccc-utility "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese "{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Pro Control Center "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office 
Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech "{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish "{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish "{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A2EAE643-8804-9420-5DBE-2752D6957964}" = AMD Catalyst Install Manager "{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard "{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All "{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai "{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA042EF2-5103-2F7E-C313-976C6F761EBE}" = AMD Fuel "{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908 "Free YouTube Download_is1" = Free 
YouTube Download version 3.1.37.918 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "GinyasBrowserCompanion" = GinyasBrowserCompanion "Guild Wars" = GUILD WARS "Guild Wars 2" = Guild Wars 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "paw·ned²" = paw·ned² v1.3 "Steam App 72850" = The Elder Scrolls V: Skyrim "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2793609592-4110117145-1703918749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Guild Wars" = GUILD WARS "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.05.2013 19:50:07 | Computer Name = Nils-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung tbhcn.exe, Version 1.0.0.9, Zeitstempel 0x5121f458, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x000665c9, Prozess-ID 0x198, Anwendungsstartzeit 01ce49eb4432c168. 
Error - 05.05.2013 19:50:07 | Computer Name = Nils-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung tbhcn.exe, Version 1.0.0.9, Zeitstempel 0x5121f458, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x000665c9, Prozess-ID 0x1f4, Anwendungsstartzeit 01ce49eb4432e878. Error - 06.05.2013 04:33:52 | Computer Name = Nils-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung tbhcn.exe, Version 1.0.0.9, Zeitstempel 0x5121f458, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x000665c9, Prozess-ID 0xa80, Anwendungsstartzeit 01ce4a346e881f04. Error - 06.05.2013 04:38:28 | Computer Name = Nils-PC | Source = LoadPerf | ID = 3002 Description = Error - 06.05.2013 04:46:49 | Computer Name = Nils-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung tbhcn.exe, Version 1.0.0.9, Zeitstempel 0x5121f458, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x000665c9, Prozess-ID 0x17d8, Anwendungsstartzeit 01ce4a356f3adf94. Error - 06.05.2013 07:11:22 | Computer Name = Nils-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung tbhcn.exe, Version 1.0.0.9, Zeitstempel 0x5121f458, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x000665c9, Prozess-ID 0x8e8, Anwendungsstartzeit 01ce4a4a63a4c0a0. Error - 06.05.2013 07:13:03 | Computer Name = Nils-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung tbhcn.exe, Version 1.0.0.9, Zeitstempel 0x5121f458, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x000665c9, Prozess-ID 0x1f4, Anwendungsstartzeit 01ce4a4aaceb8a4a. 
Error - 06.05.2013 07:13:03 | Computer Name = Nils-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung tbhcn.exe, Version 1.0.0.9, Zeitstempel 0x5121f458, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x000665c9, Prozess-ID 0x82c, Anwendungsstartzeit 01ce4a4aacfb8fda. Error - 06.05.2013 07:19:33 | Computer Name = Nils-PC | Source = LoadPerf | ID = 3002 Description = Error - 06.05.2013 08:01:11 | Computer Name = Nils-PC | Source = LoadPerf | ID = 3002 Description = [ System Events ] Error - 25.12.2012 13:14:42 | Computer Name = Nils-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 25.12.2012 um 18:11:55 unerwartet heruntergefahren. Error - 28.12.2012 10:43:08 | Computer Name = Nils-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 28.12.2012 um 14:38:54 unerwartet heruntergefahren. Error - 28.12.2012 17:28:18 | Computer Name = Nils-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 28.12.2012 um 21:50:20 unerwartet heruntergefahren. Error - 29.12.2012 06:39:58 | Computer Name = Nils-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 29.12.2012 um 11:37:51 unerwartet heruntergefahren. Error - 04.01.2013 14:20:46 | Computer Name = Nils-PC | Source = Service Control Manager | ID = 7011 Description = Error - 06.01.2013 12:23:28 | Computer Name = Nils-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse 00265E44810B wurde durch den DHCP-Server 192.168.200.253 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 08.01.2013 14:46:28 | Computer Name = Nils-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 08.01.2013 14:46:35 | Computer Name = Nils-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. 
Error - 12.01.2013 07:42:31 | Computer Name = Nils-PC | Source = Service Control Manager | ID = 7011 Description =
Error - 18.01.2013 15:27:16 | Computer Name = Nils-PC | Source = Service Control Manager | ID = 7011 Description =
< End of report >
Code:
OTL logfile created on: 06.05.2013 16:56:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nils\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 50,19% Memory free
6,23 Gb Paging File | 4,42 Gb Available in Paging File | 71,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,48 Gb Total Space | 32,42 Gb Free Space | 51,07% Space Free | Partition Type: NTFS
Drive D: | 402,28 Gb Total Space | 349,45 Gb Free Space | 86,87% Space Free | Partition Type: NTFS
Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.06 16:54:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nils\Downloads\OTL.exe
PRC - [2013.05.03 00:37:51 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Programme\Common Files\Steam\SteamService.exe
PRC - [2013.04.19 23:10:48 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2013.04.16 15:23:56 | 001,855,880 | ---- | M] (Adobe Systems, Inc.)
-- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe PRC - [2013.04.12 16:09:38 | 000,920,472 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.03.29 20:42:03 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.29 20:41:58 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.29 20:41:57 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.29 20:41:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.20 21:25:52 | 000,409,696 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\WINWORD.EXE PRC - [2012.09.28 16:42:26 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) 
-- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice\program\soffice.exe PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice\program\soffice.bin PRC - [2012.07.04 08:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.07.04 08:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 15:18:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.04.11 15:18:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2009.01.13 16:18:40 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\AEstSrv.exe PRC - [2009.01.08 12:07:56 | 000,450,663 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2009.01.08 12:07:56 | 000,237,661 | ---- | M] (IDT, Inc.) 
-- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\stacsv.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2013.04.19 23:10:50 | 001,114,024 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll MOD - [2013.04.16 15:23:55 | 016,032,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll MOD - [2013.04.12 16:09:37 | 003,133,336 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- D:\Program Files\Steam\SDL2.dll MOD - [2013.02.14 02:07:41 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll MOD - [2013.01.10 04:12:20 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 04:12:09 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.01.10 04:08:58 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll MOD - [2013.01.10 04:08:33 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll MOD - [2013.01.10 04:08:24 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - 
[2013.01.10 04:08:21 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 04:08:19 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll MOD - [2013.01.10 04:08:11 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll MOD - [2013.01.10 04:08:08 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.10 04:08:03 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll MOD - [2013.01.10 04:08:01 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.10 04:07:52 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-53.dll MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll MOD - [2012.09.28 16:42:42 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- D:\Program Files\OpenOffice\program\libxml2.dll MOD - [2012.07.04 07:09:18 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2011.10.05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ========== Services (SafeList) ========== 
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.16 15:23:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.29 20:42:03 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.29 20:41:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.28 16:42:26 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) 
[Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012.08.25 03:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.04 08:20:42 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2009.01.13 16:18:40 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\AEstSrv.exe -- (AESTFilters) SRV - [2009.01.08 12:07:56 | 000,237,661 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\stacsv.exe -- (STacSV) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013.03.29 20:42:04 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.29 20:42:04 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.29 20:42:04 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.07.04 08:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2012.07.04 08:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.07.04 07:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2009.01.20 14:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.01.08 11:07:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.12.20 00:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.28 08:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) 
[Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.2 FF - 
prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2013.04.12 16:09:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.04.12 16:09:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.09.05 21:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Extensions [2013.05.06 13:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\nvis6il1.default\extensions [2013.02.18 01:30:06 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\nvis6il1.default\extensions\foxyproxy@eric.h.jung [2012.09.23 11:34:37 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\nvis6il1.default\extensions\DivXWebPlayer@divx.com.xpi [2013.04.16 15:18:51 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\nvis6il1.default\extensions\youtubeunblocker@unblocker.yt.xpi [2012.12.12 13:38:45 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\nvis6il1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.14 19:37:17 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\nvis6il1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.01 21:23:19 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\nvis6il1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll CHR - plugin: Free Studio (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Google Update (Enabled) = C:\Users\Nils\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: DvdVideoSoft Free Youtube Download = 
C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_1\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXMediaServer] d:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = D:\Program Files\OpenOffice\program\quickstart.exe () O8 - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42C02B9C-E73E-41B9-93B4-BE7DA352336C}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common 
Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.06 13:56:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.06 13:38:59 | 000,000,000 | ---D | C] -- C:\Windows\Temp [2013.05.06 13:38:59 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\Temp [2013.05.06 12:43:45 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\Malwarebytes [2013.05.06 12:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' 
Anti-Malware [2013.05.06 12:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.06 12:43:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.06 12:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.04 21:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2013.05.04 21:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2013.04.28 10:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.04.28 10:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2013.04.10 23:14:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.04.10 23:14:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.10 23:14:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.04.10 23:14:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.10 23:14:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.10 23:14:48 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.04.10 23:14:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.10 23:14:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.10 19:30:38 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.10 19:30:38 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.10 19:30:37 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.04.10 19:29:35 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.04.10 19:29:34 | 002,049,024 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\win32k.sys [2013.04.10 18:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.04.07 11:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.04.07 11:47:18 | 000,031,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll [2013.04.07 11:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2013.04.07 11:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2013.04.07 11:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2013.04.07 11:43:45 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.04.07 11:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2013.04.07 11:39:56 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\Microsoft Help [2013.04.07 11:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.04.07 11:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.04.07 11:38:51 | 000,000,000 | RH-D | C] -- C:\MSOCache ========== Files - Modified Within 30 Days ========== [2013.05.06 16:43:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2793609592-4110117145-1703918749-1000UA.job [2013.05.06 16:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.06 15:55:46 | 000,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.06 15:55:46 | 000,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.06 15:22:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.06 13:55:33 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys [2013.05.06 13:28:06 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2013.05.06 12:43:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ 
Malwarebytes Anti-Malware .lnk [2013.05.06 01:51:05 | 000,404,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.06 00:43:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2793609592-4110117145-1703918749-1000Core.job [2013.04.16 15:23:56 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.04.16 15:23:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.04.12 19:52:14 | 000,003,584 | ---- | M] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.04.12 10:39:31 | 000,002,037 | ---- | M] () -- C:\Users\Nils\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2013.05.06 13:38:59 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013.05.06 12:43:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.12 19:52:09 | 000,003,584 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.28 21:22:33 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2012.09.28 16:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.09.05 21:02:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.05 19:15:23 | 000,001,356 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat [2012.07.04 07:09:18 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 15:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 15:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
06.05.2013, 21:25 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tcbhn.exe was terminated and closed. Hello and
__________________Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because of => http://www.trojaner-board.de/125889-...tml#post941520 Please don't run any new virus scans; for now just post the logs that already exist! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
07.05.2013, 12:22 | #3 |
| tcbhn.exe was terminated and closed. Hello,
__________________I also ran mbam, here are the logs Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.06.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Nils :: NILS-PC [Administrator] Schutz: Aktiviert 06.05.2013 12:44:46 mbam-log-2013-05-06 (12-44-46).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 199766 Laufzeit: 11 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 21 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 3 HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 4 C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Löschen bei Neustart. 
C:\Users\Nils\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 26 C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Löschen bei Neustart. C:\Users\Nils\AppData\Local\Temp\blabbers-ff-le.xpi (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\ack.end (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\updatebhoWin32.dll_1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\fix5.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nils\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter 2013/05/06 12:44:02 +0200 NILS-PC Nils MESSAGE Starting protection 2013/05/06 12:44:02 +0200 NILS-PC Nils MESSAGE Protection started successfully 2013/05/06 12:44:02 +0200 NILS-PC Nils MESSAGE Starting IP protection 2013/05/06 12:44:36 +0200 NILS-PC Nils MESSAGE IP Protection started successfully 2013/05/06 12:44:36 +0200 NILS-PC Nils MESSAGE Starting database refresh 2013/05/06 12:44:36 +0200 NILS-PC Nils MESSAGE Stopping IP protection 2013/05/06 12:44:38 +0200 NILS-PC Nils MESSAGE IP Protection stopped successfully 2013/05/06 12:44:42 +0200 NILS-PC Nils MESSAGE Database refreshed successfully 2013/05/06 12:44:42 +0200 NILS-PC Nils MESSAGE Starting IP protection 2013/05/06 12:44:52 +0200 NILS-PC Nils MESSAGE IP Protection started successfully 2013/05/06 13:13:13 +0200 NILS-PC Nils MESSAGE Starting protection 2013/05/06 13:13:13 +0200 NILS-PC Nils MESSAGE Protection started successfully 2013/05/06 13:13:13 +0200 NILS-PC Nils MESSAGE Starting IP protection 2013/05/06 13:13:23 +0200 NILS-PC Nils MESSAGE IP Protection started successfully 2013/05/06 13:55:54 +0200 NILS-PC Nils MESSAGE Starting protection 2013/05/06 13:55:54 +0200 NILS-PC Nils MESSAGE Protection started successfully 2013/05/06 13:55:54 +0200 NILS-PC Nils MESSAGE Starting IP protection 2013/05/06 13:56:04 +0200 NILS-PC Nils MESSAGE IP Protection started successfully 2013/05/06 22:16:57 +0200 NILS-PC Nils MESSAGE Executing scheduled update: Daily 2013/05/06 22:17:31 +0200 NILS-PC Nils MESSAGE Scheduled update executed successfully: database updated from version v2013.05.06.04 to version v2013.05.06.09 2013/05/06 22:17:31 +0200 NILS-PC Nils MESSAGE Starting database refresh 2013/05/06 22:17:31 +0200 NILS-PC Nils MESSAGE Stopping IP protection 2013/05/06 22:17:38 +0200 NILS-PC Nils MESSAGE IP Protection stopped successfully 2013/05/06 22:18:10 +0200 NILS-PC Nils MESSAGE Database refreshed successfully 2013/05/06 22:18:10 +0200 NILS-PC Nils MESSAGE Starting IP protection 2013/05/06 22:18:40 +0200 
NILS-PC Nils MESSAGE IP Protection started successfully Code:
ATTFilter 2013/05/07 12:26:16 +0200 NILS-PC Nils MESSAGE Starting protection 2013/05/07 12:26:16 +0200 NILS-PC Nils MESSAGE Protection started successfully 2013/05/07 12:26:16 +0200 NILS-PC Nils MESSAGE Starting IP protection 2013/05/07 12:26:28 +0200 NILS-PC Nils MESSAGE IP Protection started successfully |
07.05.2013, 13:32 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tcbhn.exe was terminated and closed. Why are you running MBAM? You weren't supposed to run any new scans (not yet)! I had only asked for logs that already exist
__________________ Please always post log files in CODE tags |
07.05.2013, 13:45 | #5 |
| tcbhn.exe was terminated and closed. I ran mbam yesterday, before the other two. I don't have any further logs from Zoek and OTL. |
07.05.2013, 14:12 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tcbhn.exe was terminated and closed. OK, that's fine then. Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please post in this thread => Reminder about my thread. Annoying "when will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board. Then please run Combofix now: Scan with Combofix
__________________ --> tcbhn.exe was terminated and closed. |
07.05.2013, 16:07 | #7 |
| tcbhn.exe was terminated and closed. ok, here is the log file: Code:
ATTFilter ComboFix 13-05-07.02 - Nils 07.05.2013 16:49:13.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1526 [GMT 2:00] ausgeführt von:: c:\users\Nils\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-07 bis 2013-05-07 )))))))))))))))))))))))))))))) . . 2013-05-07 14:56 . 2013-05-07 14:56 -------- d-----w- c:\users\Nils\AppData\Local\temp 2013-05-07 14:56 . 2013-05-07 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-07 10:36 . 2013-05-07 10:36 -------- d-----w- c:\program files\Common Files\Java 2013-05-07 10:36 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-05-06 11:38 . 2013-05-06 11:28 24064 ----a-w- c:\windows\zoek-delete.exe 2013-05-06 10:43 . 2013-05-06 10:43 -------- d-----w- c:\users\Nils\AppData\Roaming\Malwarebytes 2013-05-06 10:43 . 2013-05-06 10:43 -------- d-----w- c:\programdata\Malwarebytes 2013-05-06 10:43 . 2013-05-06 10:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-05-06 10:43 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-04 19:23 . 2013-05-05 08:43 -------- d-----w- c:\program files\DivX 2013-05-04 19:17 . 2013-05-05 08:43 -------- d-----w- c:\programdata\DivX 2013-04-28 08:25 . 2013-04-28 08:25 -------- d-----w- c:\program files\Microsoft 2013-04-27 10:52 . 2013-04-27 10:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-04-10 17:30 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 17:30 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-10 17:30 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 17:30 . 
2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 17:30 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe 2013-04-10 17:29 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 17:29 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll 2013-04-10 17:29 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 16:24 . 2013-04-10 16:24 -------- d-----w- c:\program files\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-16 13:23 . 2012-09-05 19:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-16 13:23 . 2012-09-05 19:31 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-29 18:42 . 2012-10-17 10:18 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-29 18:42 . 2012-10-17 10:18 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-29 18:42 . 2012-10-17 10:18 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-26 09:15 . 2012-10-09 10:01 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-26 09:15 . 2012-10-09 10:01 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-12 01:57 . 2013-03-17 13:38 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Steam"="d:\program files\Steam\Steam.exe" [2013-04-19 1631144] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "GoogleChromeAutoLaunch_1C06F4F014860E95AE736C749201F366"="c:\users\Nils\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-08 450663] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - d:\program files\OpenOffice\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe" /c . S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 
2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 13:23] . 2013-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2793609592-4110117145-1703918749-1000Core.job - c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 20:02] . 2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2793609592-4110117145-1703918749-1000UA.job - c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06 20:02] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Free YouTube Download - c:\users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nvis6il1.default\ FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-DivXMediaServer - d:\program files\DivX\DivX Media Server\DivXMediaServer.exe SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-GinyasBrowserCompanion - c:\program files\BrowserCompanion\uninstall.exe . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . Zeit der Fertigstellung: 2013-05-07 16:58:31 ComboFix-quarantined-files.txt 2013-05-07 14:58 . 
Vor Suchlauf: 7 Verzeichnis(se), 32.042.037.248 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 31.994.650.624 Bytes frei . - - End Of File - - 4EBD21A5B15EEB22736E314D57797CAE |
07.05.2013, 16:15 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tcbhn.exe was terminated and closed. Rootkit scan with GMER. Please download GMER: (file name is random)
Do any problems occur?
Afterwards please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
07.05.2013, 18:53 | #9 |
| tcbhn.exe was terminated and closed. ok here are the log files: GMER: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-07 19:03:43 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.P003HPM1 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Nils\AppData\Local\Temp\kxldqpoc.sys ---- System - GMER 2.1 ---- SSDT 8ABA4EC6 ZwCreateSection SSDT 8ABA4ED0 ZwRequestWaitReplyPort SSDT 8ABA4ECB ZwSetContextThread SSDT 8ABA4ED5 ZwSetSecurityObject SSDT 8ABA4EDA ZwSystemDebugControl SSDT 8ABA4E67 ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 215 81CF1958 4 Bytes [C6, 4E, BA, 8A] .text ntkrnlpa.exe!KeSetEvent + 539 81CF1C7C 4 Bytes [D0, 4E, BA, 8A] .text ntkrnlpa.exe!KeSetEvent + 56D 81CF1CB0 4 Bytes [CB, 4E, BA, 8A] .text ntkrnlpa.exe!KeSetEvent + 5D1 81CF1D14 4 Bytes [D5, 4E, BA, 8A] .text ntkrnlpa.exe!KeSetEvent + 619 81CF1D5C 4 Bytes [DA, 4E, BA, 8A] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9E207000, 0x2BFBF0, 0xE8000020] ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\Nils\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ? C:\ComboFix\mbr.sys Das System kann die angegebene Datei nicht finden. ! ---- EOF - GMER 2.1 ---- mbar: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.07.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Nils :: NILS-PC [administrator] 07.05.2013 19:26:28 mbar-log-2013-05-07 (19-26-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 27416 Time elapsed: 15 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
07.05.2013, 20:56 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tcbhn.exe was terminated and closed. aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
08.05.2013, 15:02 | #11 |
| tcbhn.exe was terminated and closed. ok, I've done it now, aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-07 22:27:10 ----------------------------- 22:27:10.425 OS Version: Windows 6.0.6002 Service Pack 2 22:27:10.425 Number of processors: 2 586 0x301 22:27:10.426 ComputerName: NILS-PC UserName: Nils 22:27:11.941 Initialize success 22:28:47.997 AVAST engine defs: 13050700 22:29:57.252 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 22:29:57.261 Disk 0 Vendor: ST9500325AS P003HPM1 Size: 476940MB BusType: 3 22:29:57.522 Disk 0 MBR read successfully 22:29:57.525 Disk 0 MBR scan 22:29:57.548 Disk 0 Windows VISTA default MBR code 22:29:57.575 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 65000 MB offset 2048 22:29:57.613 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 411938 MB offset 133122048 22:29:57.633 Disk 0 scanning sectors +976771072 22:29:58.023 Disk 0 scanning C:\Windows\system32\drivers 22:30:32.134 Service scanning 22:31:15.082 Modules scanning 22:31:50.758 Disk 0 trace - called modules: 22:31:50.786 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys dxgkrnl.sys atikmpag.sys atikmdag.sys tcpip.sys NETIO.SYS 22:31:50.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8515fac8] 22:31:50.802 3 CLASSPNP.SYS[8a1b48b3] -> nt!IofCallDriver -> [0x850da4f0] 22:31:50.811 5 hpdskflt.sys[8a196f92] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85017b98] 22:31:54.403 AVAST engine scan C:\Windows 22:32:09.629 AVAST engine scan C:\Windows\system32 22:43:20.670 AVAST engine scan C:\Windows\system32\drivers 22:44:04.481 AVAST engine scan C:\Users\Nils 22:48:56.891 AVAST engine scan C:\ProgramData 22:50:08.066 Scan finished successfully 22:52:11.441 Disk 0 MBR has been saved successfully to "C:\Users\Nils\Desktop\MBR.dat" 22:52:11.460 The log file has been saved successfully to "C:\Users\Nils\Desktop\aswMBR.txt" Code:
ATTFilter 13:29:33.0606 5332 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 13:29:33.0663 5332 ============================================================ 13:29:33.0663 5332 Current date / time: 2013/05/08 13:29:33.0663 13:29:33.0663 5332 SystemInfo: 13:29:33.0663 5332 13:29:33.0663 5332 OS Version: 6.0.6002 ServicePack: 2.0 13:29:33.0663 5332 Product type: Workstation 13:29:33.0663 5332 ComputerName: NILS-PC 13:29:33.0664 5332 UserName: Nils 13:29:33.0664 5332 Windows directory: C:\Windows 13:29:33.0664 5332 System windows directory: C:\Windows 13:29:33.0664 5332 Processor architecture: Intel x86 13:29:33.0664 5332 Number of processors: 2 13:29:33.0664 5332 Page size: 0x1000 13:29:33.0664 5332 Boot type: Normal boot 13:29:33.0664 5332 ============================================================ 13:29:35.0399 5332 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:29:35.0402 5332 ============================================================ 13:29:35.0402 5332 \Device\Harddisk0\DR0: 13:29:35.0404 5332 MBR partitions: 13:29:35.0404 5332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7EF4000 13:29:35.0404 5332 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7EF4800, BlocksNum 0x32491000 13:29:35.0404 5332 ============================================================ 13:29:35.0467 5332 C: <-> \Device\Harddisk0\DR0\Partition1 13:29:35.0495 5332 D: <-> \Device\Harddisk0\DR0\Partition2 13:29:35.0495 5332 ============================================================ 13:29:35.0495 5332 Initialize success 13:29:35.0495 5332 ============================================================ 13:31:08.0372 2660 ============================================================ 13:31:08.0372 2660 Scan started 13:31:08.0372 2660 Mode: Manual; SigCheck; TDLFS; 13:31:08.0372 2660 
============================================================
13:31:09.0384 2660 ================ Scan system memory ========================
13:31:09.0384 2660 System memory - ok
13:31:09.0386 2660 ================ Scan services =============================
- ok 13:31:58.0210 2660 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:31:58.0387 2660 sfloppy - ok 13:31:58.0477 2660 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:31:58.0546 2660 SharedAccess - ok 13:31:58.0596 2660 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:31:58.0649 2660 ShellHWDetection - ok 13:31:58.0678 2660 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 13:31:58.0692 2660 sisagp - ok 13:31:58.0755 2660 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 13:31:58.0781 2660 SiSRaid2 - ok 13:31:58.0803 2660 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:31:58.0819 2660 SiSRaid4 - ok 13:31:58.0941 2660 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 13:31:58.0956 2660 SkypeUpdate - ok 13:32:00.0079 2660 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 13:32:00.0422 2660 slsvc - ok 13:32:00.0466 2660 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 13:32:00.0562 2660 SLUINotify - ok 13:32:00.0621 2660 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:32:00.0653 2660 Smb - ok 13:32:00.0728 2660 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:32:00.0755 2660 SNMPTRAP - ok 13:32:00.0783 2660 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 13:32:00.0811 2660 spldr - ok 13:32:00.0945 2660 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 13:32:01.0047 2660 Spooler - ok 13:32:01.0252 2660 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 13:32:01.0386 2660 srv - ok 13:32:01.0516 2660 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:32:01.0638 2660 
srv2 - ok 13:32:01.0755 2660 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:32:01.0833 2660 srvnet - ok 13:32:01.0898 2660 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:32:02.0047 2660 SSDPSRV - ok 13:32:02.0188 2660 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 13:32:02.0221 2660 ssmdrv - ok 13:32:02.0356 2660 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:32:02.0387 2660 SstpSvc - ok 13:32:03.0419 2660 [ 5508A51D0B0180DE6EFBD00A47EEA608 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe 13:32:03.0493 2660 STacSV - ok 13:32:03.0524 2660 Steam Client Service - ok 13:32:03.0596 2660 [ B2F17B5FB428F5CD6D56B2AB7C7FF80B ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys 13:32:03.0667 2660 STHDA - ok 13:32:03.0728 2660 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 13:32:03.0793 2660 stisvc - ok 13:32:03.0848 2660 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 13:32:03.0875 2660 swenum - ok 13:32:03.0957 2660 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 13:32:04.0071 2660 swprv - ok 13:32:04.0109 2660 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 13:32:04.0162 2660 Symc8xx - ok 13:32:04.0234 2660 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 13:32:04.0252 2660 Sym_hi - ok 13:32:04.0280 2660 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 13:32:04.0298 2660 Sym_u3 - ok 13:32:04.0530 2660 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 13:32:04.0623 2660 SysMain - ok 13:32:04.0729 2660 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:32:04.0808 2660 TabletInputService - ok 13:32:04.0869 2660 [ D7673E4B38CE21EE54C59EEEB65E2483 ] 
TapiSrv C:\Windows\System32\tapisrv.dll 13:32:04.0983 2660 TapiSrv - ok 13:32:05.0013 2660 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 13:32:05.0078 2660 TBS - ok 13:32:05.0302 2660 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:32:05.0452 2660 Tcpip - ok 13:32:05.0577 2660 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 13:32:05.0696 2660 Tcpip6 - ok 13:32:05.0758 2660 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:32:05.0817 2660 tcpipreg - ok 13:32:05.0880 2660 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:32:05.0987 2660 TDPIPE - ok 13:32:06.0023 2660 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:32:06.0092 2660 TDTCP - ok 13:32:06.0121 2660 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:32:06.0183 2660 tdx - ok 13:32:06.0229 2660 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:32:06.0246 2660 TermDD - ok 13:32:06.0358 2660 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 13:32:06.0453 2660 TermService - ok 13:32:06.0545 2660 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 13:32:06.0567 2660 Themes - ok 13:32:06.0595 2660 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 13:32:06.0664 2660 THREADORDER - ok 13:32:06.0757 2660 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 13:32:06.0841 2660 TrkWks - ok 13:32:06.0981 2660 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:32:07.0063 2660 TrustedInstaller - ok 13:32:07.0117 2660 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:32:07.0209 2660 tssecsrv - ok 13:32:07.0248 2660 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp 
C:\Windows\system32\DRIVERS\tunmp.sys 13:32:07.0312 2660 tunmp - ok 13:32:07.0400 2660 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:32:07.0453 2660 tunnel - ok 13:32:07.0499 2660 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:32:07.0545 2660 uagp35 - ok 13:32:07.0587 2660 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:32:07.0635 2660 udfs - ok 13:32:07.0718 2660 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:32:07.0783 2660 UI0Detect - ok 13:32:07.0824 2660 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:32:07.0846 2660 uliagpkx - ok 13:32:07.0911 2660 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 13:32:07.0937 2660 uliahci - ok 13:32:07.0996 2660 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 13:32:08.0013 2660 UlSata - ok 13:32:08.0072 2660 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 13:32:08.0094 2660 ulsata2 - ok 13:32:08.0130 2660 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:32:08.0192 2660 umbus - ok 13:32:08.0268 2660 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 13:32:08.0342 2660 upnphost - ok 13:32:08.0444 2660 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:32:08.0534 2660 usbccgp - ok 13:32:08.0604 2660 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:32:08.0669 2660 usbcir - ok 13:32:08.0693 2660 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:32:08.0729 2660 usbehci - ok 13:32:08.0754 2660 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:32:08.0795 2660 usbhub - ok 13:32:08.0822 2660 [ CE697FEE0D479290D89BEC80DFE793B7 ] 
usbohci C:\Windows\system32\DRIVERS\usbohci.sys 13:32:08.0847 2660 usbohci - ok 13:32:08.0864 2660 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 13:32:08.0925 2660 usbprint - ok 13:32:08.0959 2660 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:32:08.0993 2660 USBSTOR - ok 13:32:09.0007 2660 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:32:09.0042 2660 usbuhci - ok 13:32:09.0090 2660 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 13:32:09.0145 2660 usbvideo - ok 13:32:09.0173 2660 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 13:32:09.0217 2660 UxSms - ok 13:32:09.0251 2660 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 13:32:09.0308 2660 vds - ok 13:32:09.0349 2660 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:32:09.0390 2660 vga - ok 13:32:09.0416 2660 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 13:32:09.0481 2660 VgaSave - ok 13:32:09.0500 2660 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 13:32:09.0520 2660 viaagp - ok 13:32:09.0535 2660 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 13:32:09.0573 2660 ViaC7 - ok 13:32:09.0590 2660 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 13:32:09.0604 2660 viaide - ok 13:32:09.0628 2660 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:32:09.0642 2660 volmgr - ok 13:32:09.0653 2660 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:32:09.0673 2660 volmgrx - ok 13:32:09.0700 2660 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:32:09.0718 2660 volsnap - ok 13:32:09.0742 2660 [ 587253E09325E6BF226B299774B728A9 ] vsmraid 
C:\Windows\system32\drivers\vsmraid.sys 13:32:09.0757 2660 vsmraid - ok 13:32:09.0805 2660 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 13:32:09.0914 2660 VSS - ok 13:32:09.0945 2660 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 13:32:09.0991 2660 W32Time - ok 13:32:10.0017 2660 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:32:10.0098 2660 WacomPen - ok 13:32:10.0117 2660 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 13:32:10.0161 2660 Wanarp - ok 13:32:10.0166 2660 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:32:10.0199 2660 Wanarpv6 - ok 13:32:10.0231 2660 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:32:10.0287 2660 wcncsvc - ok 13:32:10.0312 2660 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:32:10.0355 2660 WcsPlugInService - ok 13:32:10.0385 2660 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 13:32:10.0411 2660 Wd - ok 13:32:10.0460 2660 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:32:10.0506 2660 Wdf01000 - ok 13:32:10.0547 2660 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:32:10.0591 2660 WdiServiceHost - ok 13:32:10.0613 2660 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:32:10.0644 2660 WdiSystemHost - ok 13:32:10.0660 2660 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 13:32:10.0687 2660 WebClient - ok 13:32:10.0711 2660 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:32:10.0744 2660 Wecsvc - ok 13:32:10.0779 2660 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:32:10.0812 2660 wercplsupport - ok 13:32:10.0836 2660 [ 
32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 13:32:10.0877 2660 WerSvc - ok 13:32:10.0927 2660 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 13:32:10.0984 2660 WinDefend - ok 13:32:10.0996 2660 WinHttpAutoProxySvc - ok 13:32:11.0076 2660 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:32:11.0101 2660 Winmgmt - ok 13:32:11.0155 2660 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 13:32:11.0222 2660 WinRM - ok 13:32:11.0291 2660 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:32:11.0360 2660 Wlansvc - ok 13:32:11.0404 2660 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 13:32:11.0450 2660 WmiAcpi - ok 13:32:11.0495 2660 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:32:11.0543 2660 wmiApSrv - ok 13:32:11.0603 2660 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 13:32:11.0700 2660 WMPNetworkSvc - ok 13:32:11.0738 2660 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:32:11.0795 2660 WPCSvc - ok 13:32:11.0826 2660 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:32:11.0883 2660 WPDBusEnum - ok 13:32:11.0923 2660 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 13:32:11.0951 2660 WpdUsb - ok 13:32:12.0048 2660 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:32:12.0098 2660 WPFFontCache_v0400 - ok 13:32:12.0135 2660 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:32:12.0235 2660 ws2ifsl - ok 13:32:12.0277 2660 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll 13:32:12.0346 2660 wscsvc - ok 13:32:12.0357 2660 WSearch - ok 13:32:12.0442 
2660 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 13:32:12.0548 2660 wuauserv - ok 13:32:12.0588 2660 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:32:12.0646 2660 WudfPf - ok 13:32:12.0677 2660 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:32:12.0711 2660 WUDFRd - ok 13:32:12.0739 2660 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:32:12.0769 2660 wudfsvc - ok 13:32:12.0792 2660 ================ Scan global =============================== 13:32:12.0811 2660 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 13:32:12.0847 2660 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 13:32:12.0876 2660 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 13:32:12.0913 2660 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 13:32:12.0922 2660 [Global] - ok 13:32:12.0922 2660 ================ Scan MBR ================================== 13:32:12.0933 2660 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 13:32:13.0539 2660 \Device\Harddisk0\DR0 - ok 13:32:13.0540 2660 ================ Scan VBR ================================== 13:32:13.0581 2660 [ 2D52A0E29469367089A6AB1530199AC8 ] \Device\Harddisk0\DR0\Partition1 13:32:13.0590 2660 \Device\Harddisk0\DR0\Partition1 - ok 13:32:13.0608 2660 [ 3B7070FBDE8C2E44A0EDB7EC96E05898 ] \Device\Harddisk0\DR0\Partition2 13:32:13.0614 2660 \Device\Harddisk0\DR0\Partition2 - ok 13:32:13.0615 2660 ============================================================ 13:32:13.0615 2660 Scan finished 13:32:13.0615 2660 ============================================================ 13:32:13.0634 4468 Detected object count: 0 13:32:13.0634 4468 Actual detected object count: 0 15:59:59.0315 4364 Deinitialize success |
08.05.2013, 15:03 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tcbhn.exe wurde beendet und geschlossen. JRT - Junkware Removal Tool Please disable your security software to avoid possible conflicts.
Next: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, please run a check with OTL:
__________________ Please always post log files in CODE tags |
08.05.2013, 15:46 | #13 |
| tcbhn.exe wurde beendet und geschlossen. OK, here is JRT Code:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Nils on 08.05.2013 at 16:17:09,06
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\blabbers
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\browsercompanion
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\browsercompanion
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\tdataprotocol.dll
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\updatebho.dll
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\wit4ie.dll

    ~~~ Files

    ~~~ Folders
    Successfully deleted: [Folder] "C:\Users\Nils\AppData\Roaming\dvdvideosoftiehelpers"

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 08.05.2013 at 16:19:34,10
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
    # AdwCleaner v2.300 - Datei am 08/05/2013 um 16:22:01 erstellt
    # Aktualisiert am 28/04/2013 von Xplode
    # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Benutzer : Nils - NILS-PC
    # Bootmodus : Normal
    # Ausgeführt unter : C:\Users\Nils\Downloads\adwcleaner.exe
    # Option [Löschen]

    **** [Dienste] ****

    ***** [Dateien / Ordner] *****

    ***** [Registrierungsdatenbank] *****

    Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\GinyasBrowserCompanion
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
    Schlüssel Gelöscht : HKLM\Software\GinyasBrowserCompanion

    ***** [Internet Browser] *****

    -\\ Internet Explorer v9.0.8112.16476

    [OK] Die Registrierungsdatenbank ist sauber.

    -\\ Mozilla Firefox v15.0 (de)

    Datei : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nvis6il1.default\prefs.js

    C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nvis6il1.default\user.js ... Gelöscht !

    Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7BACAA314B-EEBA-48e4-AD47[...]

    -\\ Google Chrome v26.0.1410.64

    Datei : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] Die Datei ist sauber.

    *************************

    AdwCleaner[S1].txt - [1508 octets] - [08/05/2013 16:22:01]

    ########## EOF - C:\AdwCleaner[S1].txt - [1568 octets] ##########
Code:
ATTFilter OTL logfile created on: 08.05.2013 16:31:56 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nils\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,37% Memory free 6,23 Gb Paging File | 4,67 Gb Available in Paging File | 74,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 63,48 Gb Total Space | 29,92 Gb Free Space | 47,14% Space Free | Partition Type: NTFS Drive D: | 402,28 Gb Total Space | 349,45 Gb Free Space | 86,87% Space Free | Partition Type: NTFS Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Nils\Downloads\OTL.exe (OldTimer Tools) PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - D:\Program Files\OpenOffice\program\soffice.exe (OpenOffice.org) PRC - D:\Program Files\OpenOffice\program\soffice.bin (OpenOffice.org) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\stacsv.exe (IDT, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - D:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll () MOD - D:\Program Files\OpenOffice\program\libxml2.dll () MOD - C:\Windows\System32\atitmpxx.dll () ========== Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\AEstSrv.exe (Andrea Electronics Corporation) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\stacsv.exe (IDT, Inc.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\Nils\AppData\Local\Temp\catchme.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2013.04.12 16:09:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.04.12 16:09:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.09.05 21:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Extensions [2013.05.06 13:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\nvis6il1.default\extensions [2013.02.18 01:30:06 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\nvis6il1.default\extensions\foxyproxy@eric.h.jung [2012.09.23 11:34:37 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\nvis6il1.default\extensions\DivXWebPlayer@divx.com.xpi [2013.04.16 15:18:51 | 000,008,023 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\nvis6il1.default\extensions\youtubeunblocker@unblocker.yt.xpi [2012.12.12 13:38:45 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\nvis6il1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.14 19:37:17 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\nvis6il1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.01 21:23:19 | 000,269,007 | ---- | M] () (No name found) -- 
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\nvis6il1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll CHR - plugin: Free Studio (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Google Update (Enabled) = 
C:\Users\Nils\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_1\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) 
O4 - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = D:\Program Files\OpenOffice\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2793609592-4110117145-1703918749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42C02B9C-E73E-41B9-93B4-BE7DA352336C}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - 
Created Within 30 Days ========== [2013.05.08 16:17:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.08 16:16:52 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.07 19:07:55 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\mbar [2013.05.07 16:58:33 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.07 16:58:32 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\temp [2013.05.07 16:58:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.07 16:47:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.07 16:47:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.07 16:47:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.07 16:47:14 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.05.07 16:47:09 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.07 16:46:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.07 12:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.05.07 12:36:02 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.05.07 12:36:02 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.05.07 12:36:02 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.05.06 12:43:45 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\Malwarebytes [2013.05.06 12:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.06 12:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.06 12:43:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.06 12:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.04 21:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2013.05.04 21:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2013.04.28 10:25:22 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.04.28 10:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2013.04.10 23:14:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.04.10 23:14:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.10 23:14:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.04.10 23:14:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.10 23:14:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.10 23:14:48 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.04.10 23:14:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.10 23:14:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.10 19:30:38 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.10 19:30:38 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.10 19:30:37 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.04.10 19:29:35 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.04.10 19:29:34 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.04.10 18:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype ========== Files - Modified Within 30 Days ========== [2013.05.08 16:30:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.08 16:24:57 | 000,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.08 16:24:57 | 000,004,240 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.08 16:24:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.08 16:24:29 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys [2013.05.08 15:50:13 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2793609592-4110117145-1703918749-1000UA.job [2013.05.08 00:43:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2793609592-4110117145-1703918749-1000Core.job [2013.05.07 23:16:13 | 237,298,082 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.05.07 22:52:11 | 000,000,512 | ---- | M] () -- C:\Users\Nils\Desktop\MBR.dat [2013.05.06 13:28:06 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2013.05.06 12:43:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.06 01:51:05 | 000,404,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.16 15:23:56 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.04.16 15:23:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.04.12 19:52:14 | 000,003,584 | ---- | M] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.04.12 10:39:31 | 000,002,037 | ---- | M] () -- C:\Users\Nils\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2013.05.07 22:52:11 | 000,000,512 | ---- | C] () -- C:\Users\Nils\Desktop\MBR.dat [2013.05.07 16:47:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.07 16:47:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.07 16:47:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.07 16:47:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.07 16:47:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.06 13:38:59 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe 
[2013.05.06 12:43:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.12 19:52:09 | 000,003,584 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.28 21:22:33 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012.09.28 16:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.09.05 21:02:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.05 19:15:23 | 000,001,356 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2012.07.04 07:09:18 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 15:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 15:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Code:
OTL Extras logfile created on: 08.05.2013 16:31:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nils\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,37% Memory free
6,23 Gb Paging File | 4,67 Gb Available in Paging File | 74,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,48 Gb Total Space | 29,92 Gb Free Space | 47,14% Space Free | Partition Type: NTFS
Drive D: | 402,28 Gb Total Space | 349,45 Gb Free Space | 86,87% Space Free | Partition Type: NTFS
Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2793609592-4110117145-1703918749-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{156CAAC6-F103-4B5E-892F-F7D7B2938272}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{188B4B2A-9CD6-457A-995A-5B2E48848DB6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{295DCB38-B590-41DE-9FFB-E1661DACF17F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{77D7A71A-9108-491F-A412-AED387EADE6A}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | "{7F7F850F-06BE-4274-8CF7-1B2F8D087D76}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{859347F0-0EC1-4DFA-9C82-01D1E723679E}" = protocol=17 | dir=in | app=d:\program 
files\steam\steam.exe | "{8AE456CF-C542-4CE7-8223-6119FC48B030}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9E3FC560-6FFD-40D2-9323-18B83BE93FDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AEA63DF1-7FD2-4378-ABCB-05B73BFEA746}" = protocol=17 | dir=in | app=d:\program files\ventrilo\ventrilo.exe | "{AFD51B85-9501-4957-994A-195E3027EAFD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{D583F902-43E3-4EAB-9BC3-AD0E2E340E69}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EE7A9D0B-7F27-4D87-93A1-F289E66508E0}" = protocol=6 | dir=in | app=d:\program files\ventrilo\ventrilo.exe | "{F556CFE5-A020-4012-9BA5-7071F7287AF9}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{FBE47B90-97F3-46F6-8A3F-270AC7EDD2B7}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | "TCP Query User{0E3FEF09-40C0-4ABF-8AC7-23786D6606F5}D:\program files\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\program files\guild wars 2\gw2.exe | "TCP Query User{481187EC-461B-4DAA-B073-454B3AD0B4E8}D:\program files\valve\hl.exe" = protocol=6 | dir=in | app=d:\program files\valve\hl.exe | "TCP Query User{556EFF0B-FF6C-45D3-A53F-E5D115C31C51}D:\program files\valve\hl.exe" = protocol=6 | dir=in | app=d:\program files\valve\hl.exe | "TCP Query User{55F2CB84-4240-446F-BABC-82B4184D39A3}D:\program files\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\program files\guild wars 2\gw2.exe | "TCP Query User{6FF65213-7205-4D4D-A673-00776C27DC64}D:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\program files\skype\phone\skype.exe | "TCP Query User{81604724-FBE0-43EA-9124-00421260DFD1}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{77B619EA-70CE-4CC2-82EB-81F39E9302C8}D:\program 
files\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\program files\guild wars 2\gw2.exe | "UDP Query User{99AC6B79-076E-4D4D-ACF5-55EC49BBBC91}D:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\program files\skype\phone\skype.exe | "UDP Query User{B0173481-2700-444D-AA9F-54E3B7C53334}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{D48467AB-B4C2-4656-9B16-606F9B121954}D:\program files\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\program files\guild wars 2\gw2.exe | "UDP Query User{DBE97F2C-2899-4FE9-8FFC-5593A757815B}D:\program files\valve\hl.exe" = protocol=17 | dir=in | app=d:\program files\valve\hl.exe | "UDP Query User{E572545A-B1FD-451A-84E1-8498E692794B}D:\program files\valve\hl.exe" = protocol=17 | dir=in | app=d:\program files\valve\hl.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish "{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian "{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek "{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC 
Help English "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German "{759E97EC-9E3D-4F55-C321-7819C93F0887}" = ccc-utility "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese "{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Pro Control Center "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove 
MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech "{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish "{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish "{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A2EAE643-8804-9420-5DBE-2752D6957964}" = AMD Catalyst Install Manager "{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard "{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All "{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai "{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT 
Audio "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA042EF2-5103-2F7E-C313-976C6F761EBE}" = AMD Fuel "{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908 "Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "Guild Wars" = GUILD WARS "Guild Wars 2" = Guild Wars 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "paw·ned²" = paw·ned² v1.3 "Steam App 72850" = The Elder Scrolls V: Skyrim "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2793609592-4110117145-1703918749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Guild Wars" = GUILD WARS "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) 
========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.05.2013 10:30:37 | Computer Name = Nils-PC | Source = LoadPerf | ID = 3002 Description = < End of report > |
08.05.2013, 21:49 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tcbhn.exe was terminated and closed. Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes. Before you do, please remember to update Malwarebytes using the update button. After that, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
10.05.2013, 17:22 | #15 |
| tcbhn.exe was terminated and closed. OK, from mbam: Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.05.10.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nils :: NILS-PC [Administrator]
Schutz: Aktiviert
10.05.2013 13:48:16
mbam-log-2013-05-10 (13-48-16).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 312481
Laufzeit: 2 Stunde(n), 2 Minute(n), 56 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b054feb170b0714a8da667bebc6051ea
# engine=13799
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-10 02:57:20
# local_time=2013-05-10 04:57:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 18662 233621130 11434 0
# compatibility_mode=5892 16776574 100 100 16928707 205730568 0 0
# scanned=117429
# found=0
# cleaned=0
# scan_time=3498 |